Merge pull request #882 from tyfiero/Add-safety-and-docker-support-documentation

KillianLucas · web-flow · commit c607f77216a8 · 2024-01-07T14:58:23.000-08:00
diff --git a/docs/integrations/docker.mdx b/docs/integrations/docker.mdx
@@ -2,4 +2,68 @@
 title: Docker
 ---
 
-Coming soon...
+Docker support is currently experimental. Running Open Interpreter inside of a Docker container can cause issues, and it may not function as you expect. Let us know on [Discord](https://discord.com/invite/6p3fD6rBVm) if you encounter errors or have suggestions to improve Docker support. We are working on an official integration for Docker in the coming weeks. For now, you can use Open Interpreter in a sandboxed Docker container environment using the following steps:
+
+1. If you do not have Docker Desktop installed, [install it](https://www.docker.com/products/docker-desktop) before proceeding.
+
+2. Create a new directory and add a file named `Dockerfile` in it with the following contents:
+
+```dockerfile
+# Use an official Python runtime as a parent image
+FROM python:3.11
+# Set the working directory in the container to /app
+WORKDIR /app
+# Copy the current directory contents into the container at /app
+COPY . /app
+# Install any needed packages specified in requirements.txt
+RUN pip install --no-cache-dir -r requirements.txt
+
+```
+
+3. Create a file named `requirements.txt` in the same directory with the following contents:
+
+```text
+open-interpreter
+```
+
+4. Create a file named docker-compose.yml in the same directory with the following contents:
+
+```yaml
+version: "3"
+services:
+  oi:
+    build: .
+    volumes:
+      - .:/app
+    tty: true
+    environment:
+      - OPENAI_API_KEY=<your-openai-api-key>
+```
+
+5. Run the following command in the same directory to start Open Interpreter. The `-rm` flag ensures that the container is removed after the command is executed.
+
+```bash
+
+docker-compose run --rm oi interpreter
+
+```
+
+To add flags to the command, just append them after `interpreter`. For example, to run the interpreter with custom instructions, run the following command:
+
+```bash
+
+docker-compose run --rm oi interpreter --custom_instructions "Be as concise as possible"
+
+```
+
+Please note that some flags will not work. For example, `--config` will not work, because it cannot open the config file in the container. If you want to use a config file other than the default, you can create a `config.yml` file inside of the same directory, add your custom config, and then run the following command:
+
+```bash
+
+docker-compose run --rm oi interpreter --config_file config.yml
+
+```
+
+Also keep in mind that when it runs inside a docker container, it is sandboxed from your machine. That means it does NOT have access to any of your files, nor will it know what operating system you are using, as it will be running a Linux OS inside the container. You can add files directly to the directory that contains the `Dockerfile` and `docker-compose.yml` files if you need to.
+
+Again, we are working on an official integration for Docker in the coming weeks. Please let us know if you have any ideas on how to make it better!
diff --git a/docs/safety/best-practices.mdx b/docs/safety/best-practices.mdx
@@ -2,4 +2,16 @@
 title: Best Practices
 ---
 
-Coming soon...
+LLM's are not perfect. They can make mistakes, they can be tricked into doing things that they shouldn't, and they are capable of writing unsafe code. This page will help you understand how to use these LLM's safely.
+
+## Best Practices
+
+- Avoid asking it to perform potentially risky tasks. This seems obvious, but it's the number one way to prevent safety mishaps.
+
+- Run it in a sandbox. This is the safest way to run it, as it completely isolates the code it runs from the rest of your system.
+
+- Use trusted models. Yes, Open Interpreter can be configured to run pretty much any text-based model on huggingface. But it does not mean it's a good idea to run any random model you find. Make sure you trust the models you're using. If you're not sure, run it in a sandbox. Nefarious LLM's are becoming a real problem, and they are not going away anytime soon.
+
+- Local models are fun! But GPT-4 is probably your safest bet. OpenAI has their models aligned in a major way. It will outperform the local models, and it will generally refuse to run unsafe code, as it truly understands that the code it writes could be run. It has a pretty good idea what unsafe code looks like, and will refuse to run code like `rm -rf /` that would delete your entire disk, for example.
+
+- The [--safe_mode](/safety/safe-mode) argument is your friend. It enables code scanning, and can use [guarddog](https://github.com/DataDog/guarddog) to identify malicious PyPi and npm packages. It's not a perfect solution, but it's a great start.
diff --git a/docs/safety/introduction.mdx b/docs/safety/introduction.mdx
@@ -2,4 +2,16 @@
 title: Introduction
 ---
 
-Coming soon...
+Safety is a top priority for us at Open Interpreter. Running LLM generated code on your computer is inherently risky, and we have taken steps to make it as safe as possible. One of the primary safety 'mechanisms', is the alignment of the LLM itself. GPT-4 refuses to run dangerous code like `rm -rf /`, it understands what that command will do, and won't let you footgun yourself. This is less applicable when running local models like Mistral, that have little or no alignment, making our other safety measures more important.
+
+# Safety Measures
+
+- [Safe mode]("/safety/safe-mode.mdx") enables code scanning, as well as the ability to scan packages with (guarddog)[https://github.com/DataDog/guarddog] with a simple change to the system message. See the [safe mode docs](/safety/safe-mode.mdx) for more information.
+
+- Requiring confirmation with the user before the code is actually run. This is a simple measure that can prevent a lot of accidents. It exists as another layer of protection, but can be disabled with the `--auto-run` flag if you wish.
+
+- Sandboxing code execution. Open Interpreter can be run in a sandboxed envirnoment using [Docker](/introduction/docker). This is a great way to run code without worrying about it affecting your system. Docker support is currently experimental, but we are working on making it a core feature of Open Interpreter. Another option for sandboxing is [E2B](https://e2b.dev/), which overrides the default python language with a sandboxed, hosted version of python through E2B. Follow [this guide](/introduction/e2b) to set it up.
+
+## Notice
+
+Open Interpreter is not responsible for any damage caused by using the package. These safety measures provide no guarantees of safety or security. Please be careful when running code generated by Open Interpreter, and make sure you understand what it will do before running it.
diff --git a/docs/safety/isolation.mdx b/docs/safety/isolation.mdx
@@ -2,4 +2,18 @@
 title: Isolation
 ---
 
-Coming soon...
+Isolating Open Interpreter from your system is helpful to prevent security mishaps. By running it in a separate process, you can ensure that actions taken by Open Interpreter will not directly affect your system. This is by far the safest way to run Open Interpreter, although it can be limiting based on your use case.
+
+If you wish to sandbox Open Interpreter, we have two primary methods of doing so: Docker and E2B.
+
+## Docker
+
+Docker is a containerization technology that allows you to run an isolated Linux environment on your system. This allows you to run Open Interpreter in a container, which **completely** isolates it from your system. All code execution is done in the container, and the container is not able to access your system. Docker support is currently experimental, and we are working on integrating it as a core feature of Open Interpreter.
+
+Follow [these instructions](/integrations/docker) to get it running.
+
+## E2B
+
+[E2B](https://e2b.dev/) is a cloud-based platform for running sandboxed code environments, designed for use by AI agents. You can override the default `python` language in Open Interpreter to use E2B, and it will automatically run the code in a cloud-sandboxed environment. You will need an E2B account to use this feature. It's worth noting that this will only sandbox python code, other languages like shell and JavaScript will still be run on your system.
+
+Follow [these instructions](/integrations/e2b) to get it running.
diff --git a/docs/safety/safe-mode.mdx b/docs/safety/safe-mode.mdx
@@ -2,4 +2,63 @@
 title: Safe Mode
 ---
 
-Coming soon...
+# Safe Mode
+
+**⚠️ Safe mode is experimental and does not provide any guarantees of safety or security.**
+
+Open Interpreter is working on providing an experimental safety toolkit to help you feel more confident running the code generated by Open Interpreter.
+
+Install Open Interpreter with the safety toolkit dependencies as part of the bundle:
+
+```shell
+pip install open-interpreter[safe]
+```
+
+Alternatively, you can install the safety toolkit dependencies separately in your virtual environment:
+
+```shell
+pip install semgrep
+```
+
+## Features
+
+- **No Auto Run**: Safe mode disables the ability to automatically execute code
+- **Code Scanning**: Scan generated code for vulnerabilities with [`semgrep`](https://semgrep.dev/)
+
+## Enabling Safe Mode
+
+You can enable safe mode by passing the `--safe` flag when invoking `interpreter` or by configuring `safe_mode` in your [config file](https://github.com/KillianLucas/open-interpreter#configuration).
+
+The safe mode setting has three options:
+
+- `off`: disables the safety toolkit (_default_)
+- `ask`: prompts you to confirm that you want to scan code
+- `auto`: automatically scans code
+
+### Example Config:
+
+```yaml
+model: gpt-4
+temperature: 0
+verbose: false
+safe_mode: ask
+```
+
+## Roadmap
+
+Some upcoming features that enable even more safety:
+
+- [Execute code in containers](https://github.com/KillianLucas/open-interpreter/pull/459)
+
+## Tips & Tricks
+
+You can adjust the `custom_instructions` in your [config file](https://github.com/KillianLucas/open-interpreter#configuration) to include instructions for the model to scan packages with [guarddog](https://github.com/DataDog/guarddog) before installing them.
+
+```yaml
+model: gpt-4
+verbose: false
+safe_mode: ask
+system_message: |
+  # normal system message here
+  BEFORE INSTALLING ANY PACKAGES WITH pip OR npm YOU MUST SCAN THEM WITH `guarddog` FIRST. Run `guarddog pypi scan $package` for pip packages and `guarddog npm scan $package` for npm packages. `guarddog` only accepts one package name at a time.
+```
diff --git a/docs/usage/terminal/arguments.mdx b/docs/usage/terminal/arguments.mdx
@@ -94,7 +94,7 @@ fast: true
 
 #### `--local` or `-l`
 
-Run the model locally. Check the [local mode page](/language-model-setup/local-models/overview) for more information.
+Run the model locally. Check the [models page](/language-model-setup/introduction) for more information.
 
 <CodeGroup>
 
@@ -416,11 +416,7 @@ speak_messages: true
 
 Get the current installed version number of Open Interpreter.
 
-<CodeGroup>
-```bash Terminal
-interpreter --version 
-```
-</CodeGroup>
+<CodeGroup>```bash Terminal interpreter --version ```</CodeGroup>
 
 #### `--help` or `-h`
 
